https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7559
Bug ID: 7559
Summary: DKIM default minimum key size should be 1024 bits
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
Current 3.4 branch and trunk DKIM code is allowing a 768-bit key size.
OpenDKIM header:
================
Authentication-Results: smtp3i.ena.net;
    dkim=policy reason="signing key too small" (768-bit key)
    header.d=mails-express.com [email protected] header.b="Mv82gS9m"
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=mails-express.com; s=default;
That message is hitting DKIM_VALID but shouldn't be considered valid these days
since a key size less than 1024 can be cracked trivially.
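Added example (not part of the bug report, and not SpamAssassin or OpenDKIM code): one way to measure the RSA modulus size in a DKIM key record and apply a 1024-bit floor, treating a revoked (empty p=) or non-RSA record as not acceptable. The function names, the MIN_BITS constant and the sample records are assumptions; the samples are constructed with a modulus of the stated size and are not usable keys.

```python
import base64

MIN_BITS = 1024  # floor argued for in the report (assumed policy constant)

def _tlv(data, pos, want):
    """Read one DER element with tag `want` at pos; return (start, end) of its value."""
    if pos + 2 > len(data) or data[pos] != want:
        raise ValueError("unexpected DER structure")
    length, pos = data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob."""
    start, _ = _tlv(spki, 0, 0x30)                   # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _tlv(spki, start, 0x30)             # AlgorithmIdentifier, skipped
    bits_start, _ = _tlv(spki, alg_end, 0x03)        # BIT STRING wrapping RSAPublicKey
    seq_start, _ = _tlv(spki, bits_start + 1, 0x30)  # +1 skips the unused-bits octet
    n_start, n_end = _tlv(spki, seq_start, 0x02)     # INTEGER modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def dkim_key_bits(txt):
    """Modulus size of an RSA DKIM key record, or None if revoked or not RSA."""
    tags = {k.strip(): "".join(v.split())
            for k, _, v in (p.partition("=") for p in txt.split(";"))}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return None
    return rsa_modulus_bits(base64.b64decode(tags["p"]))

def key_acceptable(txt, min_bits=MIN_BITS):
    return (dkim_key_bits(txt) or 0) >= min_bits

def _der(tag, body):  # minimal DER encoder, used only to build the constructed samples
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):  # constructed record: modulus of `bits` bits, not a real key
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```
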